summaryrefslogtreecommitdiffstats
path: root/common-app-api
diff options
context:
space:
mode:
authorandre.schmid <andre.schmid@est.tech>2019-11-04 13:59:28 +0000
committerOjas Dubey <Ojas.Dubey@amdocs.com>2019-11-06 06:52:38 +0000
commit9056ae7b51532ef185164aefe2fccaeabed6946c (patch)
treea5e0df6c284fc584f61c9d0c242feec90cbe689b /common-app-api
parent1e61754c29fc99636de692a0fb9d2ef1a4ba9e61 (diff)
Fix sonarqube issues introduced by ZipSlip change
Fix major and critical sonarqube issues introduced by ZipSlip change id I721f3d44b34fe6d242c9537f5a515ce1bb534c9a Change-Id: I3aa2cd4116936d715baba99a38d43aa40fd62a29 Issue-ID: SDC-1401 Signed-off-by: andre.schmid <andre.schmid@est.tech>
Diffstat (limited to 'common-app-api')
-rw-r--r--common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java47
1 files changed, 27 insertions, 20 deletions
diff --git a/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java b/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java
index d90377fc88..25f85badef 100644
--- a/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java
+++ b/common-app-api/src/main/java/org/openecomp/sdc/common/zip/ZipUtils.java
@@ -75,8 +75,8 @@ public class ZipUtils {
String canonicalPath = null;
try {
canonicalPath = file.getCanonicalPath();
- } catch (final IOException ignored) {
- //ignored
+ } catch (final IOException ex) {
+ LOGGER.debug("Could not get canonical path of file '{}'", file.getPath(), ex);
}
if (canonicalPath != null && !canonicalPath.equals(file.getAbsolutePath())) {
throw new ZipSlipException(filePath.toString());
@@ -170,26 +170,10 @@ public class ZipUtils {
final Map<String, byte[]> filePathAndByteMap = new HashMap<>();
try (final ZipInputStream inputZipStream = ZipUtils.getInputStreamFromBytes(zipFileBytes)) {
- byte[] fileByteContent;
- String currentEntryName;
ZipEntry zipEntry;
while ((zipEntry = inputZipStream.getNextEntry()) != null) {
- checkForZipSlipInRead(zipEntry);
- currentEntryName = zipEntry.getName();
- fileByteContent = getBytes(inputZipStream);
- if (zipEntry.isDirectory()) {
- if (hasToIncludeDirectories) {
- filePathAndByteMap.put(normalizeFolder(currentEntryName), null);
- }
- } else {
- if (hasToIncludeDirectories) {
- final Path parentFolderPath = Paths.get(zipEntry.getName()).getParent();
- if (parentFolderPath != null) {
- filePathAndByteMap.putIfAbsent(normalizeFolder(parentFolderPath.toString()), null);
- }
- }
- filePathAndByteMap.put(currentEntryName, fileByteContent);
- }
+ filePathAndByteMap
+ .putAll(processZipEntryInRead(zipEntry, getBytes(inputZipStream), hasToIncludeDirectories));
}
} catch (final IOException e) {
LOGGER.warn("Could not close the zip input stream", e);
@@ -198,6 +182,29 @@ public class ZipUtils {
return filePathAndByteMap;
}
+ private static Map<String, byte[]> processZipEntryInRead(final ZipEntry zipEntry,
+ final byte[] inputStreamBytes,
+ final boolean hasToIncludeDirectories) throws ZipException {
+ final Map<String, byte[]> filePathAndByteMap = new HashMap<>();
+ checkForZipSlipInRead(zipEntry);
+ if (zipEntry.isDirectory()) {
+ if (hasToIncludeDirectories) {
+ filePathAndByteMap.put(normalizeFolder(zipEntry.getName()), null);
+ }
+ return filePathAndByteMap;
+ }
+
+ if (hasToIncludeDirectories) {
+ final Path parentFolderPath = Paths.get(zipEntry.getName()).getParent();
+ if (parentFolderPath != null) {
+ filePathAndByteMap.putIfAbsent(normalizeFolder(parentFolderPath.toString()), null);
+ }
+ }
+ filePathAndByteMap.put(zipEntry.getName(), inputStreamBytes);
+
+ return filePathAndByteMap;
+ }
+
/**
* Adds a {@link File#separator} at the end of the folder path if not present.
*